Sensitive Information as per Information Technology Rules
According to the Information Technology Rules, the following types of data are considered sensitive personal data to which the rules of Information Technology Act apply:
Financial information such as Bank account or credit card or debit card or other payment instrument details
Physical, physiological and mental health condition
Medical records and history
However, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force cannot be considered sensitive personal data.
Clear and easily accessible statements of its practices and policies
Type of personal or sensitive personal data or information collected
Purpose of collection and usage of such information
Disclosure of information including sensitive personal data or information
Reasonable security practices and procedures adopted
The Information Technology Rules require for all body corporates to address any discrepancies and grievances of the provider of information with respect to processing of information in a time bound manner. For this purpose, the body corporate is required to designate a Grievance Officer and publish his name and contact details on its website. The Grievance Officer would then be responsible for addressing the grievances of information providers in an expeditiously manner within one month from the date of receipt of grievance.